Open Closed

I can't login via http stream #344


User avatar
0
gvnuysal created
  • ABP Framework version: v3.0.5
  • UI type:MVC
  • Tiered (MVC) or Identity Server Seperated (Angular): no
  • Exception message and stack trace:
  • Steps to reproduce the issue:

If I run it with https, I can login, but when I run it with http, I cannot login. If I use http in appsettings and iis settings, I cannot login. I wonder what I need to do to run it with http://localhost:XXXX.

Thanks.


5 Answer(s)
  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    Please see https://docs.microsoft.com/en-gb/dotnet/core/compatibility/3.0-3.1#http-browser-samesite-changes-impact-authentication and discuss aspnetcore : https://github.com/dotnet/aspnetcore/issues/14996. This is the default behavior of chrome.

    Update the ConfigureAuthentication method of the **YourProjectName**WebModule class. like:

    context.Services.AddAuthentication()
    .AddIdentityServerAuthentication(options =>
    {
        options.Authority = configuration["AuthServer:Authority"];
        options.RequireHttpsMetadata = false;
        options.ApiName = "qa";
    }) 
    // add this
    .Services.ConfigureApplicationCookie(options =>
    {
        options.Cookie.SameSite = SameSiteMode.Unspecified;
    });
    

    However, recommend you to use https.

  • User Avatar
    0
    gvnuysal created

    Hi @liangshiwei thanks your answer

  • User Avatar
    0
    robb created

    I had this problem today--affected both HTTP and HTTPS in absolute latest version of Chrome

    Firefox was OK but still complained in console warnings about SameSite cookies

    I implemented the above code change as recommended by liangshiwei and it seems to have corrected the problem

    Is the recommended code change a permanent solution or only a temporary workaround?

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi @robb@designitcorp.ca, You should use https as the solution, If you really want to use http, you need to check the browser and set the samesite, See https://github.com/IdentityServer/IdentityServer4/issues/4165

  • User Avatar
    0
    robb created

    I am using HTTPS

    I still had to make the above code change to get it to work

Made with ❤️ on ABP v9.1.0-preview. Updated on December 10, 2024, 06:38